Wanted: Weaponized exploits that hack phones. Will pay top dollar

(credit: Wikipedia)

In a sign of the soaring demand for zeroday attacks that target software that's becoming increasingly secure, a market-leading broker is offering serious cash for weaponized exploits that work against Signal, WhatsApp, and other mobile apps that offer confidential messaging or privacy.

Zerodium, the Washington, DC-based broker that launched in 2015, said on Wednesday that it would pay $500,000 for fully functional attacks that work against Signal, WhatsApp, iMessage, Viber, WeChat, and Telegram. The broker said it would start paying the same rate for exploits against default mobile e-mail apps. Those are among the highest prices Zerodium offers. Only remote jailbreaks for Apple's iOS devices fetch a higher fee, with $1.5 million offered for those that require no user interaction and $1 million for those that do. The jailbreak fees were announced in September 2016 and September 2015, respectively.

"Overall prices are trending up-and quite significantly in many cases, and there's an increased focus on mobile," Adam Caudill, a senior application security consultant at AppSec Consulting, told Ars. "The new $500k targets for messaging and default e-mail apps show what a priority attacking individuals via their devices has become (which makes sense, given the recent increase in state-sponsored malware targeting mobile devices via SMS and the like)."

Read 10 remaining paragraphs | Comments